Abstract: The Internet has become a great medium of communication, as it is free, supportive, entertaining and easily reachable for millions of people today. Internet usage grows day by day, and with it the number of web applications. Nevertheless, most existing web applications have some vulnerability, as there are irresponsible people, known as hackers, who are able to disrupt them. Some well-known web application vulnerabilities are SQL Injection, Buffer Overflow, Cross-Site Scripting and Cross-Site Request Forgery. To overcome these vulnerabilities, it is important to first detect the problem before preventing it. At present, many web application vulnerability scanners have been proposed by researchers for detecting web application vulnerabilities, such as Acunetix WVS by Acunetix, Netsparker by Mavituna Security, w3af by w3af.org and Firefuzzer. However, these scanners have some limitations, such as higher false negatives, although some of them produce no false positives. Therefore, this paper proposes a technique that aims to solve these issues by developing a method for detecting web application vulnerabilities using the Boyer-Moore string matching algorithm. Numerous experiments have been conducted to evaluate its performance. The results show that the proposed method performs well in terms of its ability to accurately detect vulnerabilities, based on false negatives, and has no false positives, with low processing time.